Help! Viruses....

  1. #1
    zeksiv (Notable member)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:18:49, on 24.4.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\nMtsk.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\01381593\01381593.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    C:\Documents and Settings\Admin.PC-0EC8CDAADA00\mscup2.exe
    C:\Documents and Settings\Admin.PC-0EC8CDAADA00\mscup2.exe
    C:\Documents and Settings\Admin.PC-0EC8CDAADA00\mscup2.exe
    C:\Documents and Settings\Admin.PC-0EC8CDAADA00\mscup2.exe
    C:\Documents and Settings\Admin.PC-0EC8CDAADA00\Desktop\PeraZdera\zmajj.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: IEocx Class - {06ec6572-7280-485a-a712-c380526bc048} - C:\WINDOWS\ieocx.dll
    O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [nMTaskBarService] nMtsk.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [01381593] C:\Documents and Settings\All Users.WINDOWS\Application Data\01381593\01381593.exe
    O4 - HKLM\..\Run: [01662234] C:\Documents and Settings\All Users.WINDOWS\Application Data\01662234\01662234.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - HKCU\..\Run: [12CFG914-K641-26SF-N32P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSC...ws-i586-jc.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
    O23 - Service: ?????? Google Update (gupdate1c9b7bc57c12942) (gupdate1c9b7bc57c12942) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 7363 bytes



  2. #2
    Notable member

    So... there are a few things that are questionable (at least to me):
    C:\Documents and Settings\All Users.WINDOWS\Application Data\01381593\01381593.exe
    ... if you recognize these folders and this executable, OK; if not...
    C:\Documents and Settings\Admin.PC-0EC8CDAADA00\mscup2.exe
    ... same for this one, it shows up several times.
    C:\Documents and Settings\Admin.PC-0EC8CDAADA00\Desktop\PeraZdera\zmajj.exe
    ... is this HijackThis or not? If it is, OK; if it isn't...
    O2 - BHO: IEocx Class - {06ec6572-7280-485a-a712-c380526bc048} - C:\WINDOWS\ieocx.dll
    ... this one can go > Fix Checked.
    O4 - HKLM\..\Run: [01381593] C:\Documents and Settings\All Users.WINDOWS\Application Data\01381593\01381593.exe
    ... same as for the first item.
    O4 - HKLM\..\Run: [01662234] C:\Documents and Settings\All Users.WINDOWS\Application Data\01662234\01662234.exe
    ... this one too.
    O4 - HKCU\..\Run: [12CFG914-K641-26SF-N32P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe
    ... this one can go > Fix Checked.
    O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
    ... and this one can go too > Fix Checked.

    So, for what is in bold: if you know what it is, then OK; if not ... Fix Checked.

    Turn off System Restore, boot into Safe Mode, run HijackThis and tick all the items from the list above that you don't recognize.

    It wouldn't hurt to scan the computer with Malwarebytes afterwards as well.

  3. #3
    Host

    @colleague DekiM

    What you wrote above is OK, but it still won't solve the problem with the existing viruses, because HT by itself is not able to delete everything, including the registry keys behind these problems, so the problem will show up again even with System Restore turned off..
    I don't have time to analyze this log in detail, but if I find the time I'll take a closer look..

  4. #4
    Notable member

    OK. Any additional help is always welcome.

  5. #5
    zeksiv (Notable member)

    C:\Documents and Settings\All Users.WINDOWS\Application Data\01381593\01381593.exe
    I recognize the folders, but not the file....
    C:\Documents and Settings\Admin.PC-0EC8CDAADA00\mscup2.exe
    BitDefender was reporting it as a virus, but now I have NOD32 and it doesn't report anything.....

  6. #6
    zeksiv (Notable member)

    C:\Documents and Settings\Admin.PC-0EC8CDAADA00\Desktop\PeraZdera\zmajj.exe
    This is HijackThis...
    O2 - BHO: IEocx Class - {06ec6572-7280-485a-a712-c380526bc048} - C:\WINDOWS\ieocx.dll
    I don't know what this is....
    O4 - HKLM\..\Run: [01381593] C:\Documents and Settings\All Users.WINDOWS\Application Data\01381593\01381593.exe
    I don't know what it is....
    O4 - HKLM\..\Run: [01662234] C:\Documents and Settings\All Users.WINDOWS\Application Data\01662234\01662234.exe
    No idea....
    O4 - HKCU\..\Run: [12CFG914-K641-26SF-N32P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe
    No idea...

    O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
    No idea....

    I've never worked with HijackThis like this before, so I'm afraid I might mess something up in Safe Mode; a more detailed explanation would be appreciated...

  7. #7
    zeksiv (Notable member)

    ComboFix 09-04-25.03 - Admin 25.04.2009 9:05.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.719 [GMT 2:00]
    Running from: c:\documents and settings\Admin.PC-0EC8CDAADA00\Desktop\Prijemni - MG\PeraZdera\ComboFix.exe
    AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated)
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\documents and settings\comp\Favorites\Download programs.url
    c:\documents and settings\comp\Favorites\Games.url
    c:\documents and settings\comp\Favorites\Translator.url
    c:\documents and settings\comp\Favorites\Videos.url
    C:\resycled
    c:\resycled\boot.com
    c:\windows\IE4 Error Log.txt
    c:\windows\ieocx.dll
    c:\windows\jestertb.dll
    c:\windows\system32\kr_done1
    c:\windows\system32\mdm.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-4-25 )))))))))))))))))))))))))))))))
    .

    2009-04-24 19:58 . 2009-04-24 19:58 512096 ----a-w c:\windows\system32\drivers\amon.sys
    2009-04-24 19:58 . 2009-04-24 19:58 298104 ----a-w c:\windows\system32\imon.dll
    2009-04-24 19:58 . 2009-04-24 19:58 15424 ----a-w c:\windows\system32\drivers\nod32drv.sys
    2009-04-24 19:48 . 2009-04-24 19:48 -------- d-----w c:\documents and settings\Admin.PC-0EC8CDAADA00\Application Data\Lavasoft
    2009-04-24 18:22 . 2009-04-24 21:11 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\01662234
    2009-04-24 17:49 . 2009-04-25 07:01 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\01381593
    2009-04-23 12:08 . 2009-04-24 19:38 81984 ----a-w c:\windows\system32\bdod.bin
    2009-04-22 20:09 . 2009-04-24 20:36 8552 ----a-w c:\documents and settings\Admin.PC-0EC8CDAADA00\bv2.exe
    2009-04-22 18:54 . 2009-04-22 18:54 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\2036B
    2009-04-22 18:41 . 2009-04-22 18:41 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\182AF
    2009-04-22 16:20 . 2009-04-24 20:36 35766 ----a-w c:\documents and settings\Admin.PC-0EC8CDAADA00\mscup2.exe
    2009-04-22 06:49 . 2009-04-22 06:49 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\3A242
    2009-04-21 17:14 . 2009-04-24 20:29 35766 ----a-w c:\documents and settings\Admin.PC-0EC8CDAADA00\iclose.exe
    2009-04-13 15:16 . 2009-04-13 15:16 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\369C
    2009-04-10 13:02 . 2009-04-10 13:03 -------- d-----w c:\windows\system32\NtmsData
    2009-04-08 10:37 . 2009-04-08 10:37 -------- d-----w c:\documents and settings\NetworkService.NT AUTHORITY.000\Local Settings\Application Data\Google
    2009-04-07 20:06 . 2009-04-07 20:06 56 ---ha-w c:\windows\system32\ezsidmv.dat
    2009-04-07 20:06 . 2009-04-07 20:06 -------- d-----w c:\documents and settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\Google
    2009-04-07 20:06 . 2009-04-24 18:22 -------- d-----w c:\documents and settings\Admin.PC-0EC8CDAADA00\Application Data\skypePM
    2009-04-04 12:47 . 2009-04-04 12:47 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-30 21:57 . 2009-04-24 18:24 -------- d-----w c:\documents and settings\Admin.PC-0EC8CDAADA00\Application Data\Skype
    2009-03-30 21:57 . 2009-04-07 20:06 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Skype

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-24 20:15 . 2008-11-27 20:29 -------- d-----w c:\program files\Eset
    2009-04-23 12:02 . 2009-04-23 11:57 -------- d-----w c:\program files\Common Files\Softwin
    2009-04-23 08:50 . 2008-07-12 19:26 -------- d-----w c:\program files\Winamp
    2009-04-20 17:32 . 2008-12-28 14:08 -------- d-----w c:\documents and settings\Admin.PC-0EC8CDAADA00\Application Data\BearShare
    2009-04-18 08:11 . 2009-04-18 08:11 -------- d-----w c:\program files\Alwil Software
    2009-04-17 19:33 . 2009-04-11 17:35 -------- d-----w c:\program files\BearShare Applications
    2009-04-14 12:22 . 2009-04-14 12:22 0 ----a-w c:\documents and settings\Admin.PC-0EC8CDAADA00\Application Data\~eu37.tmp
    2009-04-07 20:07 . 2008-01-09 12:46 -------- d-----w c:\program files\Google
    2009-04-07 20:06 . 2009-03-30 21:56 -------- d-----r c:\program files\Skype
    2009-04-07 20:06 . 2008-01-23 18:27 -------- d-----w c:\program files\Common Files\Skype
    2009-04-04 12:47 . 2008-03-09 20:41 -------- d-----w c:\program files\Java
    2009-01-09 21:03 . 2008-11-28 17:56 67928 ----a-w c:\documents and settings\Admin.PC-0EC8CDAADA00\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2008-12-10 14:42 . 2008-12-10 14:42 144 ----a-w c:\documents and settings\Admin.PC-0EC8CDAADA00\Local Settings\Application Data\fusioncache.dat
    2008-11-19 20:18 . 2008-11-19 20:18 322 ----a-w c:\documents and settings\Admin\Local Settings\Application Data\Bron.tok.A16.em.bin
    2008-11-15 18:23 . 2008-03-09 20:50 79680 ----a-w c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2008-09-27 22:00 . 2008-01-09 18:04 87608 ----a-w c:\documents and settings\comp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
    2008-09-02 14:05 398776 ----a-w c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-21 68856]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-30 32768]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-10-19 286720]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-04 148888]
    "01381593"="c:\documents and settings\All Users.WINDOWS\Application Data\01381593\01381593.exe" [2009-04-24 17:49 387641]
    "nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-04-24 949376]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]
    "nMTaskBarService"="nMtsk.exe" - c:\windows\nMtsk.exe [2005-05-06 90112]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2005-12-13 7094272]
    "msnsc"="c:\windows\system32\msnsc.exe" [2002-12-31 62054]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=sockspy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"="1"
    "UpdatesDisableNotify"="1"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
    "c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R2 gupdate1c9b7bc57c12942;?????? Google Update (gupdate1c9b7bc57c12942);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 133104]
    R3 a016bus;Sony Ericsson Device A016 driver (WDM);c:\windows\system32\DRIVERS\a016bus.sys [2008-01-18 83880]
    R3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter;c:\windows\system32\DRIVERS\a016mdfl.sys [2008-01-18 15016]
    R3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\a016mdm.sys [2008-01-18 110504]
    R3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\a016mgmt.sys [2008-01-18 104488]
    R3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\a016obex.sys [2008-01-18 100648]
    S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-04-24 15424]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - gupdate1c9b7bc57c12942
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-25 c:\windows\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 20:06]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-12CFG914-K641-26SF-N32P - c:\recycler\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe
    HKLM-Run-01662234 - c:\documents and settings\All Users.WINDOWS\Application Data\01662234\01662234.exe

  8. #8
    zeksiv (Notable member)

    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.google.com/
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    LSP: c:\windows\system32\imon.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-25 09:13
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(680)
    c:\windows\system32\imon.dll
    .
    Completion time: 2009-04-25 9:14
    ComboFix-quarantined-files.txt 2009-04-25 07:14

    Pre-Run: 5.695.668.224 bytes free
    Post-Run: 7.457.251.328 bytes free

    151

  9. #9
    niceboy (Elite)

    Fix everything you don't recognize, but HJT probably won't be able to do it, so it wouldn't hurt to find and shut down the services (stop and disable) and processes belonging to this junk, and then fix.
    You could also tell us what exactly is bothering you.
    It's nice to be important,
    but it's more important to be nice.

  10. #10
    zeksiv (Notable member)

    I ran a scan with NOD32 and it deleted 6 viruses or whatever they were... I was hearing some sounds, like radio stations, when I'm online.... IE runs very slowly.... When I turn the computer on, two errors appear: SetWindowPos Failed and Error code 1406...

  11. #11
    Host

    @niceboy
    Please don't give advice like this any more..

    The man has posted both an HT log and a CF log, which need to be analyzed so that a solution can be given..
    What you wrote has nothing to do with the problem here..
    I've only dropped in briefly; as soon as I get to look at the log in more detail I'll write up a solution..

  12. #12
    Host

    If you don't mind the effort, rename HijackThis to anything else and post the log for us again..
    I suspect some nasty things are still left, but I'm not exactly sure, so let's see where we go from there..

    And are you using Avast AV, or have you used AVAST???

  13. #13
    zeksiv (Notable member)

    Quote: Originally posted by GZ
    If you don't mind the effort, rename HijackThis to anything else and post the log for us again..
    I suspect some nasty things are still left, but I'm not exactly sure, so let's see where we go from there..

    And are you using Avast AV, or have you used AVAST???
    I changed its name when I made that log, and I have used Avast...

  14. #14
    Host

    Besides NOD, do you still have Avast???
    It's not recommended to have two AV programs running at the same time..

    Definitely uninstall one of them, and give us the HT log again..

  15. #15
    zeksiv (Notable member)

    I don't have Avast any more....

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:13:49, on 26.4.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\nMtsk.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Admin.PC-0EC8CDAADA00\Desktop\Prijemni - MG\PeraZdera\zmajj.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [nMTaskBarService] nMtsk.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSC...ws-i586-jc.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
    O23 - Service: ?????? Google Update (gupdate1c9b7bc57c12942) (gupdate1c9b7bc57c12942) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 6047 bytes

  16. #16
    Host

    The log is clean..
    That said, you should also take a look at the surplus Windows startup processes that are weighing down your computer..

    If you have more questions, ask..
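
Added example, not part of the original thread: a Python script that automates the manual triage from posts #2 and #16 by parsing the O4 (Run key) lines of two HijackThis logs, marking entries for review, and diffing the logs to confirm what the cleanup removed. The two path heuristics and all function names are assumptions of this example; the sample lines are excerpts from the logs in posts #1 and #15.

```python
import re
from typing import NamedTuple


class Autorun(NamedTuple):
    hive: str      # e.g. HKLM, HKCU, HKUS\S-1-5-19
    name: str      # Run value name
    command: str   # command line, without the trailing "(User '...')" note


# One HijackThis O4 line: "O4 - <hive>\..\Run: [<name>] <command> (User '...')"
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\]\s+"
    r"(?P<cmd>.*?)(?:\s+\(User '[^']*'\))?$"
)

# Illustrative heuristics (assumptions of this example), modelled on the
# entries questioned in post #2. A hit means "review this", not "malicious".
HEURISTICS = [
    ("runs from a RECYCLER directory",
     re.compile(r"\\recycler\\", re.I)),
    ("digits-only folder and file of the same name under Application Data",
     re.compile(r"\\application data\\(\d+)\\\1\.exe", re.I)),
]

# Excerpt of the O4 section of the first log (post #1).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [01381593] C:\Documents and Settings\All Users.WINDOWS\Application Data\01381593\01381593.exe
O4 - HKLM\..\Run: [01662234] C:\Documents and Settings\All Users.WINDOWS\Application Data\01662234\01662234.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [12CFG914-K641-26SF-N32P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe
O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
"""

# Excerpt of the O4 section of the second log (post #15).
LOG_AFTER = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
"""


def parse_o4(log_text):
    """Return every O4 Run entry found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(Autorun(m["hive"], m["name"], m["cmd"]))
    return entries


def review_reasons(entry):
    """Labels of the heuristics that the entry's command line matches."""
    return [label for label, rx in HEURISTICS if rx.search(entry.command)]


def diff_autoruns(before, after):
    """(removed, added) autoruns between two logs, keyed by (hive, name)."""
    b = {(e.hive, e.name) for e in before}
    a = {(e.hive, e.name) for e in after}
    return sorted(b - a), sorted(a - b)


def triage(before_text, after_text):
    before, after = parse_o4(before_text), parse_o4(after_text)
    flagged = {}
    for e in before:
        reasons = review_reasons(e)
        if reasons:
            flagged[(e.hive, e.name)] = reasons
    removed, added = diff_autoruns(before, after)
    return {
        "flagged": flagged,
        "removed": removed,
        "added": added,
        # Flagged entries that survived the cleanup need another look.
        "flagged_still_present": sorted(k for k in flagged if k not in removed),
    }


if __name__ == "__main__":
    result = triage(LOG_BEFORE, LOG_AFTER)
    for key, reasons in result["flagged"].items():
        print("REVIEW ", key, reasons)
    for key in result["removed"]:
        print("REMOVED", key)
    for key in result["added"]:
        print("ADDED  ", key)
    print("STILL PRESENT:", result["flagged_still_present"])
```

The `msnsc` entry matches neither heuristic and only shows up in the diff, which is why comparing the before and after logs is worth doing in addition to pattern checks.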
